Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/6TbxC-XktHPhUkFuDxddZ5zBqHo.roa
File:                     6TbxC-XktHPhUkFuDxddZ5zBqHo.roa (raw, json)
Hash identifier:          3X2mD11CO/2izgrGr2Val2GEmD3YElImIPJSaT8TTs8=
Subject key identifier:   E9:36:F1:0B:E5:E4:B4:73:E1:52:41:6E:0F:17:5D:67:9C:C1:A8:7A
Certificate issuer:       /CN=eebe79d147882422ec275417dfd2affa93a02757
Certificate serial:       0191BCFE37BA040150E3C0273B4E7F4FA3B4
Authority key identifier: EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/6TbxC-XktHPhUkFuDxddZ5zBqHo.roa
Signing time:             Wed 04 Sep 2024 12:24:22 +0000
ROA not before:           Wed 04 Sep 2024 12:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215374
IP address blocks:        193.8.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:fe:37:ba:04:01:50:e3:c0:27:3b:4e:7f:4f:a3:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebe79d147882422ec275417dfd2affa93a02757
        Validity
            Not Before: Sep  4 12:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e936f10be5e4b473e152416e0f175d679cc1a87a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:14:ae:d6:0b:68:89:a3:f3:a4:39:12:b4:7e:
                    1f:b3:27:3c:af:ae:35:de:03:f2:c2:81:e4:61:38:
                    69:36:82:7a:b1:57:48:00:37:c4:99:a8:9e:42:39:
                    6d:43:d5:51:78:29:bb:28:36:42:45:3d:cf:98:2f:
                    b4:5e:38:1c:99:f5:c6:99:eb:dd:f8:cb:16:ab:91:
                    d4:d4:bd:5f:f8:cf:48:06:38:85:75:ca:de:0f:a6:
                    b7:a2:05:f2:d5:3e:28:ce:f5:91:71:f4:52:fc:0d:
                    58:29:3a:56:05:db:93:e0:d8:f7:f4:c8:5f:49:59:
                    49:d6:43:f2:9c:57:17:7b:ab:16:ae:ad:80:a8:4b:
                    58:fe:6d:90:13:0f:89:8e:57:48:64:30:b7:6c:ff:
                    d4:ef:a2:08:60:2e:f7:df:c3:96:aa:5a:c7:9d:ca:
                    d7:34:b9:67:20:af:79:2a:2f:9a:8a:a0:78:98:c4:
                    e0:c9:bb:e0:fb:2f:a7:b8:6f:88:04:f4:d6:0d:87:
                    77:36:17:6d:3d:24:1f:09:b4:eb:ca:91:2a:80:5f:
                    e1:f5:f8:80:8d:5f:55:89:3d:88:cd:3f:87:a9:ae:
                    71:87:cc:b8:83:41:94:19:4d:fc:61:5d:17:f8:b7:
                    cf:3b:8b:0d:75:0a:ae:6b:13:5f:70:a0:73:88:93:
                    c1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:36:F1:0B:E5:E4:B4:73:E1:52:41:6E:0F:17:5D:67:9C:C1:A8:7A
            X509v3 Authority Key Identifier:
                keyid:EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/6TbxC-XktHPhUkFuDxddZ5zBqHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:73:d7:09:12:c7:d0:ef:88:68:7a:1f:7c:7a:43:8d:0c:a7:
         13:08:da:13:86:e4:85:53:80:a3:3a:9a:f9:52:75:93:9a:a7:
         36:d0:3a:a6:7c:8c:a2:e8:ec:c5:d6:b0:9f:5e:2f:ce:cf:c3:
         85:15:40:f2:34:ac:f7:fe:d2:c3:5f:64:f2:66:df:59:d1:60:
         db:e9:dd:25:3b:c2:9e:2e:a5:77:57:19:8c:0e:d0:17:9b:8c:
         3d:f8:85:a3:47:7f:a5:ab:40:ee:25:79:94:a7:ec:1a:f3:ee:
         b4:de:76:2c:75:af:9a:60:39:5b:51:f3:d6:9e:34:88:b1:77:
         63:fa:ee:86:14:55:18:e3:63:88:53:b4:68:63:f5:9b:61:08:
         2c:d3:67:2a:bf:60:97:70:e7:fe:07:fc:b5:6a:ac:f2:88:d6:
         74:26:86:bc:16:5c:39:cd:2c:58:80:2b:3b:24:d6:2f:ce:ee:
         70:64:7b:d0:39:78:42:76:a4:d2:4c:9a:19:4a:55:2c:ff:65:
         19:c1:73:5a:d5:32:8c:e2:53:5d:ea:4e:e5:18:c8:d4:8c:c7:
         0c:65:4a:d5:5b:ca:c9:34:09:54:53:af:36:7e:8f:73:00:5f:
         e4:e0:d1:94:c3:4c:d3:29:67:15:e0:af:76:69:a6:6c:00:fa:
         d3:fa:20:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG8/je6BAFQ48AnO05/T6O0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmU3OWQxNDc4ODI0MjJlYzI3NTQxN2RmZDJhZmZhOTNh
MDI3NTcwHhcNMjQwOTA0MTIyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTM2ZjEwYmU1ZTRiNDczZTE1MjQxNmUwZjE3NWQ2NzljYzFhODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRSu1gtoiaPzpDkStH4fsyc8r641
3gPywoHkYThpNoJ6sVdIADfEmaieQjltQ9VReCm7KDZCRT3PmC+0XjgcmfXGmevd
+MsWq5HU1L1f+M9IBjiFdcreD6a3ogXy1T4ozvWRcfRS/A1YKTpWBduT4Nj39Mhf
SVlJ1kPynFcXe6sWrq2AqEtY/m2QEw+JjldIZDC3bP/U76IIYC7338OWqlrHncrX
NLlnIK95Ki+aiqB4mMTgybvg+y+nuG+IBPTWDYd3NhdtPSQfCbTrypEqgF/h9fiA
jV9ViT2IzT+Hqa5xh8y4g0GUGU38YV0X+LfPO4sNdQquaxNfcKBziJPBKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOk28Qvl5LRz4VJBbg8XXWecwah6MB8GA1UdIwQY
MBaAFO6+edFHiCQi7CdUF9/Sr/qToCdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTIt
Mzg4MjNjMTQ0OWFmLzEvNlRieEMtWGt0SFBoVWtGdUR4ZGRaNXpCcUhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTItMzg4MjNjMTQ0OWFm
LzEvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhJMA0G
CSqGSIb3DQEBCwUAA4IBAQCSc9cJEsfQ74hoeh98ekONDKcTCNoThuSFU4CjOpr5
UnWTmqc20DqmfIyi6OzF1rCfXi/Oz8OFFUDyNKz3/tLDX2TyZt9Z0WDb6d0lO8Ke
LqV3VxmMDtAXm4w9+IWjR3+lq0DuJXmUp+wa8+603nYsda+aYDlbUfPWnjSIsXdj
+u6GFFUY42OIU7RoY/WbYQgs02cqv2CXcOf+B/y1aqzyiNZ0Joa8Flw5zSxYgCs7
JNYvzu5wZHvQOXhCdqTSTJoZSlUs/2UZwXNa1TKM4lNd6k7lGMjUjMcMZUrVW8rJ
NAlUU682fo9zAF/k4NGUw0zTKWcV4K92aaZsAPrT+iDC
-----END CERTIFICATE-----